RE: HELP-Intermittent Outbound VPN Problems
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 7 Dec 2004 16:02:26 -0600
Also, are they connected to the Internet via a DSL connection?
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx]
Sent: Tuesday, December 07, 2004 3:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems
http://www.ISAserver.org
FWIW, another lister, Tiago de Aviz, is attempting to help me. He
provided
a VPN into his server and I was able to connect from a couple of
machines,
but not from my laptop! I still can't connect to my client from those
two
machines. (But I can from the ISA server.)
Guinn
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, December 07, 2004 1:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems
http://www.ISAserver.org
Hi Guinn,
What happens when you do a tracert from the client to the VPN servers
address when its not working? The fact that it works sometimes, but not
other times, indicates that its not an ISA firewall issue, but something
to do with the underlying network infrastructure. It could be something
as simple as the VPN server admin not supplying enough addresses or
ports for all the VPN clients they want to support.
HTH,
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx]
Sent: Tuesday, December 07, 2004 1:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems
http://www.ISAserver.org
Tom,
It is configured for PPTP. It works some of the time, just not
consistently. And it works on some machines more consistently than
others!
I looked up the definitions, and we are definitely using SecureNAT.
Guinn
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, December 07, 2004 12:58 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems
http://www.ISAserver.org
Hi Guinn,
Sounds like you're using PPTP then. Have you configure the ISA firewall
to support PPTP passthrough? IIRC (and its been a while since I've
configured an ISA Server 2000 firewall), you right click on the packet
filters node and click the last tab in the Properties dialog box. Also,
make sure you're configured as a SecureNAT client, and you should be
good to go.
HTH,
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx]
Sent: Tuesday, December 07, 2004 12:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems
http://www.ISAserver.org
Tom,
1. The VPN protocol is set to automatic. I just created the connection
using the XP wizard.
2. The server I am calling is a Windows 2000 Advanced server.
3. There's no firewall client installed. And I'm pretty sure we're not
using a Web Proxy. (This was set up by someone else for me, so please
excuse my ignorance.)
Actually, I don't get disconnected; I never get connected. (Except when
it
works!!) I don't think their connection is flaky. It is being used by
a
number of people, and I'm the only one having problems. (And I'm only
having problems from my office.)
I have been working this morning with the client's network person. He
did
some things to get the security levels as low as possible, but still no
connection from the machine I need. (Which was able to connect
yesterday.)
What else can I tell you?
I really appreciate your help.
Guinn
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, December 07, 2004 11:46 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems
http://www.ISAserver.org
HI Guinn,
OK, we're getting closer!
So, you're calling a third party VPN server from a VPN client behind an
ISA Server 2000 firewall.
So, we need definitive answers to the following:
1. What VPN protocol are you using?
2. What VPN server are you calling? Do they fully support the VPN
protocol you're using?
3. You need to be sure re: the ISA client type. SecureNAT, Firewall
client and/or Web Proxy (actually, we only really need to know about
Firewall client)
When you get disconnected, what to the tracerts look like to the
destination network? Could be that they're using a flakey connection and
that's dropping the VPN link. I've never had connectivity problems with
my VPN clients from behind ISA firewall unless their was some network
problem, so I don't think it's the ISA firewall, but details will help.
HTH,
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx]
Sent: Tuesday, December 07, 2004 10:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems
http://www.ISAserver.org
Tom,
Dedicated T1.
SecureNAT (I think)
TCP/IP
Third party VPN server.
Guinn
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, December 07, 2004 10:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: HELP-Intermittent Outbound VPN Problems
http://www.ISAserver.org
Hi Guinn,
What type of connection do you have to the Internet?
What client type is the VPN client machine? (SecureNAT, Web Proxy and/or
Firewall client)
What VPN protocol are you using?
Is this a problem connecting to a third party VPN server, or a problem
connecting to your ISA firewall's VPN server from a remote location?
Thanks!
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Guinn Unger [mailto:mlists@xxxxxxxxxxxxx]
Sent: Tuesday, December 07, 2004 9:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] HELP-Intermittent Outbound VPN Problems
http://www.ISAserver.org
I am pulling my hair out (and I don't have that much left). I am doing
some web development work for a client. I need to VPN into their
network in order to connect to their database and SourceSafe repository.
The VPN connectivity is incredibly intermittent! I am running ISA 2000
on Windows 2000 on my network at work.
Things I know:
Other people from outside our company use the VPN and are not having any
problems. (It seems to me that this probably rules out problems on the
client's end.)
From home, via cable modem, I can connect just fine from two machines.
(Portable running Windows XP Pro with SP1 and failed SP2, and Windows
2000) (It seems to me this further rules out problems on the client's
end.) The connections are very fast.
From work, I am sometimes able to connect to the VPN from the same
portable mentioned above and sometimes not. (The error is the standard
800 error.) However, even when it works it sometimes takes a couple of
minutes to time out and then works on the second try (but not always).
From work, another machine running Windows XP SP2 was able to connect
yesterday until I rebooted it, then nothing. I still can't connect
today. (800 error).
From work, a server running Windows 2003 was unable to connect yesterday
(error 800) but seems to be able to connect right now. (I'm not
optimistic about tomorrow though.)
Questions:
Is this likely to be an ISA problem? If so, is there some methodical
way I can troubleshoot what is going on? If not, any other ideas?
BTW, I am a developer, not much of a network person, so detailed help or
directions to other resources would be appreciated.
Thanks.
Guinn Unger
Unger Technologies, Inc.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mlists@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mlists@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mlists@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
